Description

Related Cases 

The subject matter of this application is related to the subject matter disclosed in U.S. Patents 4,268,715; 4,281,215; 4,283,599; 4,288,659; 4,315,101; 4,357,529; 4,536,647 and pending application for U.S. Patent Serial No. 547,207, entitled POCKET TERMINAL, METHOD AND SYSTEM FOR SECURED BANKING TRANSACTIONS, filed October 31, 1983 by M.M. Atalla.

Background of the Invention 

Conventional data encryption networks commonly encrypt a Personal Identification Number (PIN) with a particular encryption key for transmission along with data messages, sequence numbers, and the like, from one location node in the data network to the next location or node in the network. There, the encrypted PIN is decrypted using the encryption key, and re-encrypted with another encryption key for transmission to the next node in the network, and so on to the final node destination in the network.

In addition, such conventional data encryption networks also develop a Message Authentication Code (MAC) in various ways, and then encrypt such MAC for transmission to the next node using a MAC-encryption key that is different from the encryption key used to encrypt the PIN. At such next node, the MAC is decrypted using the MAC-encryption key and then re-encrypted using a new MAC-encryption key for transmission to the next node, and so on to the final destination node in the network.

Further, such conventional networks operate upon the PIN, MAC, data message, sequence number, and the like, received and decrypted at the final destination node to consummate a transaction, or not, and then communicate an ACKnowledgment or Non-ACKnowledgment message back to the originating node of the network. Such ACK or NACK codes may be encrypted and decrypted in the course of transmission node by node through the network back to the originating node to provide an indication there of the status of the intended transaction at the final destination node.

Conventional data encryption networks of this type are impeded from handling greater volumes of messages from end to end by the requirement for separately encrypting and decrypting the PIN and MAC codes at each node using different encryption/decryption keys for each, and by the requirement for encrypting/decrypting at least the ACK code at each node along the return path in the network.

In addition, such conventional data encryption networks are susceptible to unauthorized intrusion and compromise of the security and message authenticity from node to node because of the separated PIN and MAC encryption/decryption techniques involved. For example, the encrypted PIN is vulnerable to being "stripped" away from the associated MAC, message, sequence number, and the like, and to being appended to a different MAC, message, sequence number, and the like, for faithful transmission over the network. Further, the return acknowledgment code may be intercepted and readily converted to a non-acknowledgment code or simply be altered in transmission after the transaction was completed at the destination node. Such a return code condition could, for example, cause the user to suffer the debiting of his account and, at the same time, the denial of completion of a credit purchase at a point-of-sale terminal or other originating node.

It is known from US-Patent 5,101,373 to avoid the drawback of encryption and decryption of personal identification information and of message data information, sequence numbers, and the like, respectively, when transmitting such information from one location to a next location by providing an approval operation parameter generator in a first location acting as the information transmitting location, said approval operation parameter generator generating an initial cipher value and an encipher key and sending these parameters to a second location acting as the information receiving location. Those said locations keep stored therein the same program data segmented in a first and a second plurality of data blocks, respectively. An approval calculation is carried out at both locations enciphering the respective plurality of segmented data blocks with the said parameters, the respective results of the calculation on the side of the receiving location and on the side of the transmitting location being compared within a central processing unit on the side of the transmitting location. The result of this comparison, if not satisfactory, inhibits the communication between said both locations.

From European patent application publication No. 0 391 261 a telecommunication system is known implementing a checking of double use of electronic cash issued from a bank and accepted e.g. by a shop from the user. The user generates user information from secret information containing user's identifications, and creates an authentication information. The user makes a bank apply a blind signature to the user information and to the authentication information in a one-way-function. The electronic cash receiving shop verifies the validity of the user information and the authentication information both signed by the bank. In response to a subsequent inquiry of the shop the user produces a response by removing the influence of the randomisation and of the secret information so that, after verifying the validity of the response, the shop accepts the electronic cash.

It is an object of the present invention to provide an improved method of securing transaction data between two locations in response to a user's personal identification number in the sense of increasing the security and simplifying the encoding and decoding operations.

This object, in accordance with the present invention, is achieved by a method with the features of attached claim 1. Furthermore, said object is also achieved by an apparatus with the features of appended claim 5.

Accordingly, the method and means for integrating the encryption keys associated with the PIN and MAC codes according to the present invention assure that these codes are sufficiently interrelated and that alteration of one such code will adversely affect the other such code and inhibit message authentication in the network. In addition, the return acknowledgment or non-acknowledgment code may be securely returned from node to node in the network without the need for encryption and decryption at each node, and will still be securely available for proper validation as received at the originating node. This is accomplished according to the present invention by using one session key to encrypt the PIN along with the MAC, a random number, the message, and the sequence number which are also encrypted with the PIN such that re-encryption thereof in the transmission from location to location, or node to node over a network is greatly facilitated and validatable at each node, if desired. In addition, portions of the random number are selected for use as the Acknowledgment or Non-Acknowledgment return codes which can be securely returned and which can then only be used once to unambiguously validate the returned code only at the originating node in the network.

Description of the Drawings 

FIG. 1 is a graphic representation of a typical conventional encryption scheme which operates with two independent session keys;

FIGS. 2, 2A, 2B and 2C are schematic representations of a second network according to the present inventions; and

FIGS. 3, 3A, 3B and 3C are graphic representations of the signal processing involved in the operation of the network of FIG. 2.

Description of the Preferred Embodiment 

Referring now to Figure 1, there is shown a graphic representation of the encoding scheme commonly used to produce the PIN and MAC codes using two session keys for transmission separately to the next network node. As illustrated, one session key 5 may be used to encrypt the PIN entered 7 by a user (plus a block of filler bits such as the account number, as desired) in a conventional encryption module 9 which may operate according to the Data Encryption Standard (DES) established by the American National Standards Institute (ANSI) to produce the encrypted PIN signal 11 (commonly referred to as the 'PIN block' according to ANSI standard 9.3) for transmission to the next network node. In addition, the message or transaction data which is entered 13 by the user and which is to be transmitted to another node, is combined with a sequence number 15 that may comprise the date, time, station code, and the like, for encryption by a DES encryption module 17 with another session key 19 to produce a Message Authentication Code (MAC) 21 for that message and sequence number. The MAC may comprise only a selected number of significant bits of the encrypted code. The message and MAC are separately transmitted to the next node along with the encrypted PIN, and these codes are separately decrypted with the respective session keys and then re-encrypted with new separate session keys for transmission to the next network node, and so on, to the destination node. Conventional PIN validation at the destination node, and message authentication procedures may be performed on the received, encrypted PIN and MAC (not illustrated), and the message is then acted upon to complete a transaction if the PIN is valid and the MAC is unaltered. A return Acknowledgment (or Non-ACKnowledgment) code may be encrypted and returned to the next node in the network over the return path to the originating node. At each node in the return path, the ACK code is commonly decrypted and re-encrypted for transmission to the next node in the return path, and so on (not illustrated), to the originating node where receipt of the ACK is an indication that the transaction was completed at the destination node. Conventional systems with operating characteristics similar to those described above are more fully described, for example, in U.S. Patent 4,283,599.

One disadvantage associated with such conventional systems is the need to encrypt and decrypt at each node using two separate session keys. Another disadvantage is that such conventional systems are vulnerable to unauthorized manipulation at a network node by which the message and MAC may be "stripped away" from the encrypted PIN associated with such message and replaced with a new message and MAC for transmission with the same encrypted PIN to the next network node. Further, the acknowledgement code that is to be returned to the originating node not only must be decrypted and re-encrypted at each node along the return path, but the return of an acknowledgment code that is altered along the return path may connote non-acknowledgment or non-completion of the intended transaction at the destination node. This condition can result in the account of the user being debited (the PIN and MAC were valid and authentic as received at the destination node), but the user being denied completion of a credit transaction (e.g., transfer of goods) at the originating node.

Referring now to Figures 2 and 3, there are shown schematic and graphic representations, respectively, of network operations according to the present invention. Specifically, there is shown a system for transmitting a message over a network 29 from an originating node 31 to a destination node 33 via an intermediate node 35. At the originating node 31, an authorized user enters his PIN 37 of arbitrary bit length with the aid of a keyboard, or card reader, or the like, and the entered PIN is then filled or blocked 39 with additional data bits (such as the user's account number in accordance with ANSI standard 9.3) to configure a PIN of standard bit length.

In addition, the transaction data or message 41 entered through a keyboard, or the like, by the user is combined with a sequence number 43 which is generated to include date, time of day, and the like. The combined message and sequence number is encrypted 45 with the PIN (or blocked PIN) in a conventional DES module to produce a multi-bit encrypted output having selected fields of bits, one field of which 53 serves as the Message Authentication Code (MAC). Other schemes may also be used to produce a MAC, provided the PIN (or blocked PIN) is used as the encryption key, and the resulting MAC, typically of 64-bit length, may be segregated into several sectors or fields 51. A random number (R/N) is generated 52 by conventional means and is segregated into several sectors or fields 54, 56, 58. The first sector or field 54 of, say, 32 bits length is then encrypted with the selected MAC field 53 in a conventional DES encryption module 55 (or in DES module 45 in time share operation) using the session key K1 as the encryption key 50. In addition, the PIN (or blocked PIN) 39 is encrypted in DES encryption module 60 (or in DES module 45 in time share operation) using the session key K1 as the encryption key 50. The session key 50 may be transmitted to successive nodes 35, 33 in secured manner, for example, as disclosed in U.S. Patent 4,288,659. The resulting encrypted output codes 62, 64 are then transmitted along with sequence number 43 and the message 41 (in clear or cypher text) over the network 29 to the next node 35 in the path toward the destination node 33. Thus, only a single session key K1 is used to encrypt the requisite data for transmission over the network, and the residual sectors or fields 56, 58 of the random number from generator 52 remain available to verify successful completion of the transaction at the destination node 33, as later described herein.

At the intermediate node 35, the encrypted PIN 64 received from the originating node 31 is decrypted in conventional DES module 70 using the session key K1 to produce the blocked PIN 63. In addition, the encrypted MAC and R/N 68 received from the originating node is decrypted in conventional DES module 61 (or in DES module 70 operating in timeshare relationship) using the session key to produce the MAC and the R/N in segregated fields. An initial validation may be performed by encrypting the received message 41 and sequence number 43 in conventional DES module 67 using the decrypted PIN 63 as the encryption key. Of course, the original PIN as entered by the user may be extracted from the decrypted, blocked PIN 63 to use as the encryption key in module 67 if the corresponding scheme was used in node 31. (It should be understood that the PIN or blocked PIN does not appear in clear text outside of such decryption or encryption modules 70, 67 (or 69, later described herein), and that these modules may be the same DES module operated in time-shared relationship.)

The encrypted output of module 67 includes several sectors, or fields, similar to those previously described in connection with the encrypted output of module 45. The selected sector 53 of significant bits that constitutes the MAC is selected for comparison with the MAC 65 that is decrypted in DES module 61. This decryption also provides the R/N having several selected sectors or fields 72. If the comparison of the decrypted and encrypted MACs in comparator 74 is favorable, gate 76 is enabled and the decrypted MAC and R/N are encrypted in conventional DES module 69 using new session key K2 as the encryption key, and gate 88 is enabled to encrypt the decrypted PIN in DES module 78 (or in DES module 67 or 69 in time share operation). If comparison is unfavorable, the transaction may be aborted and the gate 80 is enabled to transmit back to the originating node 31 the sector or field 58 of the R/N which constitutes the Non-ACKnowledge sector of the decrypted R/N output of module 61. The encrypted PIN output 82 of module 76 and the encrypted MAC and R/N output 84 of the module 69 are thus transmitted along with the message 41 and sequence number 43 over the network 29 to the destination node 35 upon favorable comparison 74 of the encrypted and decrypted MACs.

At the destination node 33, the encrypted PIN output 86 received from the intermediate node 35 is decrypted in conventional DES module 71 using the session key K2 to produce the PIN 73. An initial validation may be performed by encrypting the received message 41 and sequence number 43 in conventional DES module 77, using the decrypted PIN 73 as the encryption key. As was described in connection with the intermediate node 35, the original PIN as entered by the user may be extracted from the decrypted, blocked PIN 73 to use as the encryption key in module 77 if the corresponding scheme was used in node 31. And, it should be understood that the PIN or blocked PIN does not appear in clear text outside of the decryption or encryption modules 71, 77, which modules may be the same DES module operated in time-shared relationship. In addition, the encrypted MAC and R/N received at the destination node 33 is decrypted in DES module 92 using the session key K2 to produce the MAC 75 and the R/N 94 in segregated sectors or fields. The selected sector 53 of significant bits that constitutes the MAC in the encrypted output of module 77 is compared 79 for parity with the decrypted MAC 75. If comparison is favorable, the transaction may be completed in response to the message 41, and gate 81 may be enabled to transmit 29 back to the intermediate node 35 a second selected sector or field 56 which constitutes the ACKnowledge output sector of the R/N decrypted output from module 92. If comparison 79 is unfavorable, the transaction is not completed and gate 83 is enabled to transmit 29 back to the intermediate node 35 a third selected sector or field 58 which constitutes the Non-ACKnowledge sector of the R/N decrypted output from module 92.

In accordance with one aspect of the present invention, the returned ACK or NACK codes do not require decryption and re-encryption when transmitted from node to node along the return path in the network back to the originating node 31. Instead, these codes are already in encoded form and may be transmitted directly from node to node without encumbering a node with additional operational overhead. These codes are therefore secured in transmission over the network and are only cypherable in the originating node 31 which contains the ACK and NACK fields or sectors 56 and 58 of the random number from generator 52. At the originating node 31, the second and third sectors or fields 56 and 58 of the random number are compared 98 with the corresponding sectors of decrypted R/N outputs received from the destination node 33 (or the sector 58 of the decrypted R/N output received from intermediate node 35) to provide an indication at the originating node that the transaction was either completed 89 or aborted 91. Of course, the ACK and NACK may be encrypted as a network option when returned to the originating node 31. And, it should be understood that the encryption and decryption modules at each node may be the same conventional DES module operated in timeshare relationship.
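
The exchange described above for nodes 31, 35 and 33, sketched as an added Python example that is not part of the patent text. Assumptions: a toy Feistel cipher stands in for the DES modules, HMAC-SHA-256 keyed by the PIN block stands in for the first logical combination, the whole random number travels with the MAC sector (as in claim 1), and all function names, the 4-byte sector widths and the sample PINs and messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets

ROUNDS = 4  # toy Feistel network; a stand-in for the DES modules, not DES itself


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Keyed round function of the stand-in cipher.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:len(half)]


def encrypt(key, block):
    mid = len(block) // 2
    left, right = block[:mid], block[mid:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt(key, block):
    mid = len(block) // 2
    left, right = block[:mid], block[mid:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def mac_sector(pin_block, message, seq):
    # Message and sequence number encoded under the PIN block; one 32-bit
    # sector of the result is kept as the MAC (field 53 in the description).
    return hmac.new(pin_block, seq + b"|" + message, hashlib.sha256).digest()[:4]


def originate(pin_block, message, seq, k1, rn=None):
    # rn layout (assumed widths): sector 54 | sector 56 (ACK) | sector 58 (NACK)
    rn = rn or secrets.token_bytes(12)
    packet = {
        "message": message,
        "seq": seq,
        "mac_rn": encrypt(k1, mac_sector(pin_block, message, seq) + rn),
        "pin": encrypt(k1, pin_block),
    }
    return packet, rn  # the originating node keeps rn to judge the reply


def _open(packet, key):
    # Decrypt both coded outputs, then recompute the MAC under the decrypted PIN.
    pin_block = decrypt(key, packet["pin"])
    plain = decrypt(key, packet["mac_rn"])
    mac, rn = plain[:4], plain[4:]
    expected = mac_sector(pin_block, packet["message"], packet["seq"])
    return hmac.compare_digest(mac, expected), pin_block, mac, rn


def relay(packet, k_in, k_out):
    # Intermediate node: validate, then re-encrypt under the next session key.
    ok, pin_block, mac, rn = _open(packet, k_in)
    if not ok:
        return "nack", rn[8:12]
    return "forward", dict(packet, mac_rn=encrypt(k_out, mac + rn),
                           pin=encrypt(k_out, pin_block))


def destination(packet, k2):
    ok, _, _, rn = _open(packet, k2)
    return rn[4:8] if ok else rn[8:12]  # ACK or NACK sector, returned as is


def check_reply(rn, reply):
    # Originating node: only the holder of rn can interpret the returned sector.
    if hmac.compare_digest(reply, rn[4:8]):
        return "completed"
    if hmac.compare_digest(reply, rn[8:12]):
        return "aborted"
    return "invalid"


def send(packet, rn, k1, k2):
    status, out = relay(packet, k1, k2)
    reply = out if status == "nack" else destination(out, k2)
    return check_reply(rn, reply)


def demo():
    k1, k2 = secrets.token_bytes(8), secrets.token_bytes(8)
    # Constructed PIN blocks, messages and fixed R/N values (fixed only so the
    # demo is reproducible; originate() draws a fresh R/N when none is given).
    victim, rn_v = originate(b"1234ACCT", b"PAY 25.00 TO 0042", b"0001", k1,
                             rn=bytes(range(12)))
    other, rn_o = originate(b"9999ACCT", b"PAY 900.00 TO 0666", b"0002", k1,
                            rn=bytes(range(12, 24)))
    return {
        "honest": send(victim, rn_v, k1, k2),
        "altered_message": send(dict(victim, message=b"PAY 9999.00"), rn_v, k1, k2),
        "stripped_pin": send(dict(other, pin=victim["pin"]), rn_o, k1, k2),
        "forged_reply": check_reply(rn_v, b"\xff\xff\xff\xff"),
    }


if __name__ == "__main__":
    print(demo())
```

The `stripped_pin` case is the manipulation the background section describes: an encrypted PIN moved onto a different message and MAC fails at the intermediate node because the MAC recomputed under the decrypted PIN no longer matches.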

Therefore, the system and method of combining the management of PIN and MAC codes and the session keys associated therewith from node to node along a data communication network obviates the conventional need for separate session keys for the PIN and the MAC, and also obviates the need for conventional encryption/decryption schemes for an acknowledgment code at each node along the return path back to the originating node. If desired, PIN validations may be performed at each node since the PIN is available within the DES module circuitry. In addition, the present system and method also reduces the vulnerability of a secured transmission system to unauthorized separation of a valid PIN code from its associated message and MAC code for unauthorized attachment to a different message and MAC code. Further, the method and means of the present invention reduces the ambiguity associated with the return or not of only an acknowledgment code in conventional systems by returning either one of the ACK and NACK codes without additional operational overhead at each node.



Claims 

1. The method of securing transaction data between two locations in response to a user's message and personal identification number, the method comprising:

forming a sequence number representative of the user's transaction;

encoding in a first logical combination at the first location the user's message and the sequence number in accordance with the personal identification number received from the user to produce a message authentication code having a plural number of digit sectors;

generating a random number;

establishing a first encoding key;

encoding in a second logical combination at the first location the random number and a selected number of sectors of the message authentication code in accordance with the first encryption key to produce a first coded output;

encoding in a third logical combination at the first location the user's personal identification number in accordance with the first encoding key to produce a second coded output;

transmitting to another location the user's message and the sequence number and the first and second coded outputs;

establishing the first encoding key at such other location;

decoding the first coded output received at such other location with the first encoding key according to said second logical combination thereof to provide the random number and message authentication code;

decoding the second coded output received at such other location with the first encoding key according to said third logical combination to provide the user's personal identification number;

encoding in the first logical combination at such other location the user's message and sequence number received thereat in accordance with the decoded personal identification number to produce a message authentication code having a plural number of digit sectors; and

comparing selected corresponding digit sectors of the decoded message authentication code and the encoded message authentication code to provide an indication upon favorable comparison of the valid transmission of the user's message between the two locations.

2. The method according to claim 1 comprising the steps of:

establishing a second encoding key at the other location;

encoding in a fourth logical combination at such other location the decoded random number and selected sector of the message authentication code in accordance with the second encoding key to produce a third coded output;

encoding in a fifth logical combination at the other location the decoded user's personal identification number in accordance with the second encoding key to produce a fourth coded output;

transmitting to a remote location the user's message and the sequence number and the third and fourth coded outputs;

establishing the second encoding key at the remote location;

decoding the third coded output as received at the remote location according to the fourth logical combination in accordance with the second encoding key to provide the random number and the message authentication code having a plural number of digit sectors;

decoding the fourth coded output received at the remote location according to the fifth logical combination to provide the user's personal identification number;

encoding the message and the sequence number received at the remote location according to the first logical combination in accordance with the decoded personal identification number to produce a message authentication code having a plural number of digit sectors; and

comparing corresponding digit sectors of the decoded message authentication code and the encoded message authentication code at the remote location to provide an indication upon favorable comparison of the unaltered transmission of the message, or an indication upon unfavorable comparison of an alteration in the transmission of the message.

3. The method according to claim 1 comprising the steps of:

transmitting a selected sector of the decoded random number from the other location to the one location in response to unfavorable comparison; and

comparing the selected sector of the random number received at the one location from the other location with the corresponding selected sector at the one location to provide an indication of the altered transmission of the message to the other location.

4. The method according to claim 2 comprising the steps of:

completing the transaction and returning a second selected sector of the decoded random number from the remote location to the one location in response to said favorable comparison, and inhibiting completion of the transaction and returning a third selected sector of the decoded random number from the remote location to the one location in response to said unfavorable comparison; and

comparing the selected sector of the random number received at the one location from the remote location with the corresponding selected sector of the number generated at the one location to provide an indication of the completion or non-completion of the transaction at the remote location.

5. Apparatus for securing transaction data between two locations (31, 35) in response to a user's message (41) and personal identification number (37), the apparatus comprising:

means for generating a sequence number associated with a user's transaction;

means (52) for generating a random number;

first encryption means (45) at one location for encrypting according to a first logical combination of the user's message and the sequence number applied thereto with the personal identification number received from the user for producing a message authentication code therefrom having a plural number of digit sectors;

means (50) at said one location for producing a first session key;

second encryption means (55) coupled to receive the random number from the user and a selected sector of the message authentication code for encrypting the same with the first session key according to a second logical combination thereof to produce a first encoded output (62);

third encryption means (60) coupled to receive the personal identification number from the user for encrypting the same with the first session key according to a third logical combination thereof to produce a second encoded output (64);

means (29) for transmitting the first and second encoded outputs and message and sequence number from the one location to the next location;

means at the next location for producing the first session key (session key 1);

first decryption means (61) at the next location coupled to receive the transmitted first encoded output (68) and the first session key for decrypting in accordance with said second logical combination to provide the random number and the message authentication code (65);

second decryption means (70) at the next location coupled to receive the transmitted second encoded output and the first session key for decrypting in accordance with the third logical combination thereof to produce the user's personal identification number (63);

third encryption means (67) at the next location coupled to receive the transmitted message and sequence number for encoding the same according to said first logical combination with the decrypted personal identification number (63) to produce a message authentication code having a plural number of digit sectors;

comparison means (74) at the next location coupled to receive the corresponding selected sectors of the message authentication code (65) formed by decryption of said first decryption means (61) and of the message authentication code formed by encryption of said third encryption means (67) at said next location for producing an output indication of the parity thereof; and

means (76) at the next location responsive to said output indication for operating upon the received message in response to favorable comparison.

6. Apparatus as in claim 5 comprising:

means (80) at the next location responsive to the unfavorable comparison for transmitting to the one location a selected sector (58) of the random number.

1. Apparatus as in claim 5 comprising: 

30 

means at the next location for producing a sec- 
ond encoding key (session key 2 ); 
first encryption means (69) at the next location 
coupled to receive the decrypted message au- 
thentication code and random number for en- 3S 
coding the same with the second encoding key 
in accordance with a fourth logical combination 
in response to said favorable comparison for 
producing a third output code for transmission 
to a destination location;

second encryption means (78) at the next location coupled to receive the decrypted personal identification number for encoding the same with the second encoding key in accordance with a fifth logical combination in response to said favorable comparison for producing a fourth output code (82) for transmission to a destination location;

means at the destination location for producing the second encoding key (session key 2);

first decryption means (92) at the destination location for receiving the third output code (90) transmitted from said next location and the second encoding key for decoding the same according to said fourth logical combination to provide the random number (94) and the message authentication code (75);

second decryption means (71) at the destination location for receiving the fourth output code transmitted from said next location and the second encoding key (session key 2) for decoding the same according to said fifth logical combination to provide the personal identification number;

encryption means (77) at the destination location for receiving the message and the sequence number for encoding the same with the decrypted personal identification number in accordance with the first logical combination to produce a message authentication code having a plural number of digit sectors;

means (79) at the destination location for comparing corresponding selected sectors of the encrypted message authentication code and the decrypted message authentication code (75) to produce output indications of favorable and unfavorable comparisons;

means (81) at the destination location responsive to favorable output indication for operating upon the transmitted message and for transmitting a selected sector of the random number to said one location, and responsive (83) to unfavorable comparison for transmitting another selected sector of the random number to said one location; and

comparator means (98) at the one location coupled to receive the corresponding selected sectors of the random number for providing an output indication (89, 91) of the status of operation upon the message at the destination location.
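
The exchange recited in the claims, reduced to a single hop with the favorable/unfavorable random-number response, as an added Python example that is not part of the patent text. HMAC-SHA256 stands in for the first logical combination and a SHA-256 keystream XOR for the session-key encoding; the 4-byte sector size, the sector positions, the function names and all sample values are assumptions.

```python
import hashlib
import hmac
import secrets

SECTOR = 4                       # bytes per sector (assumed; the claims fix no size)
ACK_SECTOR, NACK_SECTOR = 1, 2   # assumed choice of random-number sectors


def sectors(data: bytes) -> list:
    """Split a byte string into fixed-size sectors."""
    return [data[i:i + SECTOR] for i in range(0, len(data), SECTOR)]


def mac(pin: bytes, message: bytes, seq: int) -> bytes:
    """Stand-in for the first logical combination: a MAC over message and
    sequence number keyed by the PIN, truncated to four sectors."""
    body = seq.to_bytes(8, "big") + message
    return hmac.new(pin, body, hashlib.sha256).digest()[:4 * SECTOR]


def encode(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 counter keystream (self-inverse).
    Illustration only: it is malleable and assumes a fresh session key per
    transaction."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + label + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def originate(pin, message, seq, session_key, rn=None):
    """First location: build the MAC, then the two encoded outputs."""
    while rn is None or sectors(rn)[ACK_SECTOR] == sectors(rn)[NACK_SECTOR]:
        rn = secrets.token_bytes(3 * SECTOR)   # ACK and NACK sectors must differ
    out1 = encode(session_key, b"rn+mac", rn + sectors(mac(pin, message, seq))[0])
    out2 = encode(session_key, b"pin", pin)
    return {"message": message, "seq": seq, "out1": out1, "out2": out2}, rn


def receive(packet, session_key):
    """Other location: decode both outputs, recompute the MAC with the decoded
    PIN and compare the selected sector. This detects alteration in transit;
    it does not by itself validate the PIN, which is recovered in the clear."""
    plain = encode(session_key, b"rn+mac", packet["out1"])
    rn, mac_sector = plain[:3 * SECTOR], plain[3 * SECTOR:]
    pin = encode(session_key, b"pin", packet["out2"])
    recomputed = sectors(mac(pin, packet["message"], packet["seq"]))[0]
    favorable = hmac.compare_digest(recomputed, mac_sector)
    reply = sectors(rn)[ACK_SECTOR if favorable else NACK_SECTOR]
    return favorable, reply


def status(rn: bytes, returned: bytes) -> str:
    """First location: compare the returned sector with its own random number."""
    own = sectors(rn)
    if hmac.compare_digest(returned, own[ACK_SECTOR]):
        return "ACK"
    if hmac.compare_digest(returned, own[NACK_SECTOR]):
        return "NACK"
    return "INVALID"   # reply not derived from this transaction's random number


def demo():
    # Constructed sample values, not taken from the patent.
    key, pin, rn = b"constructed-session-key", b"4921", bytes(range(12))
    packet, rn = originate(pin, b"PAY 100.00 TO ACCT 7", 17, key, rn)
    genuine = status(rn, receive(packet, key)[1])
    altered = dict(packet, message=b"PAY 900.00 TO ACCT 7")
    tampered = status(rn, receive(altered, key)[1])
    forged = status(rn, b"\xff" * SECTOR)   # reply made without knowing rn
    return genuine, tampered, forged


if __name__ == "__main__":
    print(demo())
```

Because the reply is a sector of a random number that only travels inside the first encoded output, a party that cannot decode that output cannot produce a valid acknowledgment for the transaction.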



Claims (German-language version)

1. Method for securing the transaction of data between two locations in response to a user message and a personal identification number, the method comprising:

forming a sequence number corresponding to the transaction by the user;

encoding a first logical combination of the user message and the sequence number at a first location in accordance with the personal identification number received from the user, to produce a message authentication code having a plurality of digital sectors;

generating a random number;

establishing a first encoding key;

encoding a second logical combination of the random number and a selected number of sectors of the message authentication code at the first location in accordance with the first encryption code to produce a first encoded output;

encoding a third logical combination of the user's personal identification number at the first location in accordance with the first encoding key to produce a second encoded output;

transmitting the user message and the sequence number as well as the first and second encoded outputs to another location;

establishing the first encoding key at said other location;

decoding the first encoded output received at this other location, using the first encoding key in accordance with said second logical combination, to produce the random number and the message authentication code;

decoding the second encoded output received at this other location, using the first encoding key in accordance with said third logical combination, to produce the user's personal identification number;

encoding, according to the first logical combination at said other location, the user message and the sequence number received there, in accordance with the decoded personal identification number, to produce a message authentication code having a plurality of digital sectors; and

comparing selected corresponding digital sectors of the decoded message authentication code and of the encoded message authentication code to produce an indication, with respect to a favorable comparison, of the valid transmission of the user message between two locations.

2. Method according to claim 1, including the following steps:

establishing a second encoding key at said other location;

encoding, according to a fourth logical combination at said other location, the decoded random number and the selected sector of the message authentication code in accordance with the second encoding key to produce a third encoded output;

encoding, according to a fifth logical combination at the other location, the decoded personal user identification number in accordance with the second encoding key to produce a fourth encoded output;

transmitting the user message and the sequence number as well as the third and fourth encoded outputs to a remote location;

establishing a second encoding key at the remote location;

decoding the third encoded output as received at said remote location, according to the fourth logical combination in accordance with the second encoding key, to produce the random number and the message authentication code having a plurality of digital sectors;

decoding the fourth encoded output as received at the remote location, according to the fifth logical combination, to produce the user's personal identification number;

encoding the message and the sequence number as received at the remote location, according to the first logical combination in accordance with the decoded personal identification number, to produce a message authentication code having a plurality of digital sectors; and

comparing corresponding digital sectors of the decoded message authentication code and of the encoded message authentication code at the remote location to produce an indication, with respect to a favorable comparison, of the unaltered transmission of the message, or an indication, with respect to an unfavorable comparison, of an alteration in the transmission of the message.

3. Method according to claim 1, comprising the following steps:

transmitting a selected sector of the decoded random number from the other location to said one location in response to an unfavorable comparison; and

comparing the selected sector of the random number, as received at the one location from the other location, with the corresponding selected sector at the one location, to produce an indication of an altered transmission of the message to the other location.

4. Method according to claim 2, comprising the following steps:

completing the transaction and returning a second selected sector of the decoded random number from the remote location to the one location in response to said favorable comparison, and inhibiting completion of the transaction and returning a third selected sector of the decoded random number from the remote location to said one location in response to an unfavorable comparison; and

comparing the selected sector of the random number, as received at said one location from the remote location, with the corresponding selected sector of the number generated at the one location, to produce an indication of the completion or non-completion of the transaction at the remote location.

5. Apparatus for securing a data transaction between two locations (31, 35) in response to a user message (41) and a personal identification number (37), the apparatus including:

means for generating a sequence number associated with a user transaction;

means (52) for generating a random number;

first encryption means (45) at one location for encrypting, according to a first logical combination, the user message and the sequence number supplied thereto with the personal identification number received from the user, to produce therefrom a message authentication code having a plurality of digital sectors;

means (50) at said one location for producing a first session key;

second encryption means (55) coupled to receive the random number from the user and a selected sector of the message authentication code, for encrypting the same with the first session key in accordance with a second logical combination thereof to produce a first encrypted output (62);

third encryption means (60) coupled to receive the personal identification number from the user, for encrypting the same with the first session key in accordance with a third logical combination thereof to produce a second encoded output (64);

means (29) for transmitting the first and second encoded outputs and the message and the sequence number from the one location to the next location;

means provided at the next location for producing the first session key (session key 1);

first decryption means (61) at the next location coupled to receive the transmitted first encoded output (68) and the first session key, for decrypting in accordance with the second logical combination to produce the random number and the message authentication code (65);

second decryption means (70) at the next location coupled to receive the transmitted second encoded output and the first session key, for decrypting in accordance with the third logical combination thereof to produce the user's personal identification number (63);

third encryption means (67) at the next location coupled to receive the transmitted message and the sequence number, for encoding the same in accordance with said first logical combination with the decrypted personal identification number (63) to produce a message authentication code having a plurality of digital sectors;

comparator means (74) at the next location coupled to receive the corresponding selected sectors of the message authentication code (65) produced by decryption by said first decryption means (61) and of the message authentication code formed by encryption by the third encryption means (67) at said next location, to produce an output indication of the equivalence thereof; and

means (76) at the next location responsive to said output indication for acting upon the received message in response to a favorable comparison.

6. Apparatus according to claim 5, including:

means (80) at the next location responsive to the unfavorable comparison for transmitting to said one location a selected sector (58) of the random number.

7. Apparatus according to claim 5, including:

means arranged at the next location for producing a second session key (session key 2);

first encryption means (69) at the next location coupled to receive the decrypted message authentication code and a random number, for encoding the same with the second encryption code in accordance with a fourth logical combination in response to said favorable comparison, to produce a third output code for transmission to a destination location;

second encryption means (78) at the next location coupled to receive the decrypted personal identification number, for encoding the same with the second encoding key in accordance with a fifth logical combination in response to said favorable comparison, to produce a fourth output code (82) for transmission to a destination location;

means arranged at the destination location for producing said second encoding key (session key 2);

first decryption means (92) arranged at the destination location for receiving the third output code (90) transmitted from the next location and the second encoding key, for decoding the same in accordance with said fourth logical combination to produce the random number (94) and the message authentication code (75);

second decryption means (71) arranged at the destination location for receiving the fourth output code transmitted from said next location and the second encoding key (session key 2), for decoding the same in accordance with said fifth logical combination to produce the personal identification number;

encryption means (77) arranged at the destination location for receiving the message and the sequence number, for encoding the same with the decrypted personal identification number in accordance with the fifth logical combination to produce a message authentication code having a plurality of digital sectors;

means (79) at the destination location for comparing corresponding selected sectors of the encrypted message authentication code and of the decrypted message authentication code (75) to produce output indications of a favorable or unfavorable comparison;

means (81) at the destination location responsive to the output indication of the favorable comparison for acting upon receipt of the transmitted message and for transmitting a selected sector of the random number to said one location, and, in response (83) to an unfavorable comparison, for transmitting another selected sector of the random number to said one location; and

comparator means (98) arranged at said one location and coupled to receive the corresponding selected sectors of the random number, for delivering an output indication (89, 91) of the operating status as soon as the message has arrived at the destination location.



Claims (French-language version)

1. Method of securing transaction data between two locations in response to a user message and a personal identification number, the method comprising:

forming a sequence number representative of the user's transaction,

encoding a first logical combination, at the first location, of the user's message and the sequence number in accordance with the personal identification number received from the user to produce a message authentication code having a plural number of digit sectors,

generating a random number,

establishing a first encoding key,

encoding in a second logical combination, at the first location, the random number and a selected number of sectors of the message authentication code in accordance with the first encryption key, to produce a first encoded output,

encoding in a third logical combination, at the first location, the user's personal identification number in accordance with the first encoding key to produce an encoded output,

transmitting to another location the user's message and the sequence number and the first and second encoded outputs,

establishing the first encoding key at such other location,

decoding the first encoded output received at such other location with the first encoding key in accordance with said second logical combination thereof to provide the random number and the message authentication code,

decoding the second encoded output received at such other location with the first encoding key in accordance with said third logical combination to provide the user's personal identification number,

encoding in the first logical combination, at such other location, the user's message and the sequence number received there, in accordance with the decoded personal identification number to produce a message authentication code having a plural number of digit sectors, and

comparing the selected corresponding digit sectors of the decoded message authentication code and of the encoded message authentication code to provide an indication, on favorable comparison, of the valid transmission of the user's message between the two locations.

2. Method according to claim 1, comprising the steps of:

establishing a second encoding key at the other location,

encoding in a fourth logical combination, at such other location, the decoded random number and the selected sector of the message authentication code in accordance with the second encoding key to produce a third encoded output,

encoding in a fifth logical combination, at the other location, the decoded personal identification number of the user in accordance with the second encoding key to produce a fourth encoded output,

transmitting to a remote location the user's message and the sequence number as well as the third and fourth encoded outputs,

establishing the second encoding key at the remote location,

decoding the third encoded output as received at the remote location according to the fourth logical combination in accordance with the second encoding key to provide the random number and the message authentication code having a plural number of digit sectors,

decoding the fourth encoded output received at the remote location according to the fifth logical combination to provide the user's personal identification number,

encoding the message and the sequence number received at the remote location, according to the first logical combination in accordance with the decoded personal identification number, to produce a message authentication code having a plural number of digit sectors, and

comparing the corresponding digit sectors of the decoded message authentication code and of the encoded message authentication code at the remote location, to provide an indication, on favorable comparison, of the unaltered transmission of the message, or an indication, on unfavorable comparison, of an alteration in the transmission of the message.

3. Method according to claim 1, comprising the steps of:

transmitting a selected sector of the decoded random number from the other location to the first location in response to an unfavorable comparison, and

comparing the selected sector of the random number received at the first location from the other location with the corresponding selected sector at the first location to provide an indication of the altered transmission of the message to the other location.

4. Method according to claim 2, comprising the steps of:

executing the transaction and returning a second selected sector of the decoded random number from the remote location to the first location in response to said favorable comparison, and inhibiting execution of the transaction and returning a third selected sector of the decoded random number from the remote location to the first location in response to said unfavorable comparison, and

comparing the selected sector of the random number received at the first location from the remote location with the corresponding selected sector of the number generated at the first location, to provide an indication of the execution or non-execution of the transaction at the remote location.

5. Apparatus for securing transaction data between two locations (31, 35) in response to a message (41) and a personal identification number (37) of the user, the apparatus comprising:

means for generating a sequence number associated with a transaction of the user,

means (52) for generating a random number,

first encryption means (45) at a first location for encrypting, in accordance with a first logical combination, the user's message and sequence number applied thereto together with the personal identification number received from the user, to produce therefrom a message authentication code having a plural number of digit sectors,

means (50) at said first location for producing a first session key,

second encryption means (55) coupled to receive the random number from the user and a selected sector of the message authentication code, for encrypting the same with the first session key in accordance with a second logical combination thereof to produce a first encoded output (62),

third encryption means (60) coupled to receive the user's personal identification number, for encrypting the same with the first session key in accordance with a third logical combination thereof to produce a second encoded output (64),

means (29) for transmitting the first and second encoded outputs and a message and a sequence number from the first location to the next location,

means at the next location for producing the first session key (session key 1),

first decryption means (61) at the next location coupled to receive the transmitted first encoded output (68) and the first session key, for decryption in accordance with said second logical combination to provide the random number and the message authentication code (65),

second decryption means (70) at the next location coupled to receive the transmitted second encoded output and the first session key, for decryption in accordance with the third logical combination thereof to produce the user's personal identification number (63),

third encryption means (67) at the next location coupled to receive the transmitted message and sequence number, for encoding the same in accordance with said first logical combination together with the decrypted personal identification number (63) to produce a message authentication code having a plural number of digit sectors,

comparison means (74) at the next location coupled to receive the corresponding selected sectors of the message authentication code (65) produced by the decryption of said first decryption means (61) and of the message authentication code formed by the encryption of said third encryption means (67) at said next location, to produce an output indication of the parity thereof, and

means (76) at the next location responsive to said output indication for acting upon the received message in response to a favorable comparison.
6. Apparatus according to claim 5, comprising:

means (80) at the next location responsive to an unfavorable comparison for transmitting to the first location a selected sector (58) of the random number.

7. Apparatus according to claim 5, comprising:

means at the next location for producing a second encoding key (session key 2),

first encryption means (69) at the next location coupled to receive the decrypted message authentication code and random number, for encoding the same with the second encoding key in accordance with a fourth logical combination, in response to said favorable comparison, to produce a third output code for transmission to a destination location,

second encryption means (78) at the next location coupled to receive the decrypted personal identification number, for encoding the same with the second encoding key in accordance with a fifth logical combination, in response to said favorable comparison, to produce a fourth output code (82) for transmission to a destination location,

means at the destination location for producing the second encoding key (session key 2),

first decryption means (92) at the destination location for receiving the third output code (90) transmitted from said next location and the second encoding key, for decoding the same in accordance with said fourth logical combination to provide the random number (94) and the message authentication code (75),

second decryption means (71) at the destination location for receiving the fourth output code transmitted from said next location and the second encoding key (session key 2), for decoding the same in accordance with said fifth logical combination to provide the personal identification number,

encryption means (77) at the destination location for receiving the message and the sequence number, for encoding the same together with the decrypted personal identification number in accordance with the first logical combination to produce a message authentication code having a plural number of digit sectors,

means (79) at the destination location for comparing corresponding selected sectors of the encrypted message authentication code and of the decrypted message authentication code (75) to produce output indications of favorable and unfavorable comparisons,

means (81) at the destination location responsive to a favorable output indication for acting upon the transmitted message and for transmitting a selected sector of the random number to said first location, and responsive (83) to an unfavorable comparison for transmitting another selected sector of the random number to said first location, and

comparator means (98) at the first location coupled to receive the corresponding selected sectors of the random number, for providing an output indication (89, 91) of the status of the operation executed upon a message at the destination location.